There are three parts that the NetScaler Application Firewall (AppFW) may modify or check in the web application.  These parts are the following:

  • HTTP Headers
  • Forms/Data
  • Cookies

What do you need to know?

NetScaler AppFW checks the host header.  Sometimes AppFW will then add hidden fields to provide better security to the application.  Sometimes hidden forms value could be long however because of NetScaler AppFW sessionless security, which was explained in previous blog, it has no impact to memory usage.  Basically when doing form field checks and URL closures, NetScaler AppFW will not store any forms or use up memory.

To uphold security of the app, the AppFW may change, drop or add headers in the HTTP requests or responses.   To send HTTP messages, HTTP requests or responses will use the headers.  For Citrix SE/Sales, feel free to use the following Knowledge Base (KB) CTX131488 for more details on this.

What happens if it is forms or data?

Any attacks to modify or change the content of the original form sent by the server will be protected by AppFW.  AppFW can also protect from Cross Site Forgery attacks.  AppFW do not make changes to the data, it pretty much checks it to make sure there is no attacks in them.

For cookies,  to maintain the state of the session, the AppFW generates its own session cookie when the web server responds to the first HTTP request from the web browser.  Cookie will not be sent to the server.   The KB article above goes through this in very thorough detail because there are different behaviors if AppFW has cookie proxy enabled or not enabled.   Maybe we should go through this more in the next blog for those that want more info in blog vs. KB, if so, let me know.